Avonair

Privacy Policy

Last updated: 27 May 2026

Avonair is an AI agency that digitalises and centralises businesses. This privacy policy explains which personal data we process — when you visit our website, contact us, or use Avonair Cockpit and our other services. We comply with the General Data Protection Regulation (GDPR).

Who Avonair is

Avonair is established in the Netherlands: Cruquiuskade 251, 1018AM Amsterdam, Chamber of Commerce 91401283, VAT NL004889881B44, email info@avonair.ai, phone +31 6 15562782.

Two different situations

It is important to keep two situations apart.

  1. You as a visitor or prospective client. You visit our website or get in touch. For that data, Avonair is the data controller itself. The first part of this policy is about that.
  2. Client data within an Avonair service. When we set up a Cockpit, an automation or a project for a client, Avonair processes personal data on behalf of that client. The client is then the data controller and Avonair is the processor. That processing is governed by the Avonair Cooperation Agreement and the accompanying quote, together with the Cockpit-specific sections further down in this document.

Which personal data we process about you as a visitor

About you as a visitor or prospective client, we process only what is needed:

  • Contact details you provide yourself, such as name, company name, email address and telephone number, when you complete a form, request a quote or email us.
  • The content of your message, such as the question or situation you put to us.
  • Limited technical data from your website visit, such as an anonymised or limited IP value and general visit statistics. See also our cookie policy.

We do not ask for special categories of personal data and request that you do not include them unprompted in a message.

What we use this data for

  • To respond to your question or request and to discuss a possible project with you.
  • To prepare and carry out a quote or agreement.
  • To run our website and understand at a high level how it is used, so we can improve it.
  • To meet legal obligations, for example regarding administration.

On which legal basis we process (GDPR)

We process personal data on one or more of the following bases:

  • Performance of a contract, or taking steps at your request before entering into a contract.
  • Legitimate interest, for example to follow up on your request or to keep our website safe and usable, taking your interests into account.
  • Consent, for example for non-strictly-necessary cookies. You can withdraw consent at any time.
  • Legal obligation, where the law requires us to process.

Avonair Cockpit — what it is

Avonair Cockpit is a custom business dashboard that brings a company's separate tools and data together on one screen. A dedicated Cockpit is built per client with the modules required, including an overview module, a social analytics module, a finance module, a clients-and-projects module, a team-and-agenda module and an AI assistant. The sections below describe what Avonair Cockpit does with the data within those modules. For client Cockpits on their own (sub)domain the same principles apply, supplemented by the arrangements in the Avonair Cooperation Agreement and the accompanying quote.

Account data within a Cockpit

When you log in to an Avonair Cockpit we process:

  • Your email address and encrypted password.
  • Your role within your own Cockpit environment (admin or team member, set by your own organisation).
  • Login and activity timestamps, only for security and audit purposes.

Module data per connected source

A Cockpit consists of modules. Which modules are active in your Cockpit is set per client in the Avonair Cooperation Agreement and the quote. Per module:

  • You connect the source yourself via OAuth or a comparable secure method at the provider itself — Avonair Cockpit never receives the password of a connected service.
  • Avonair Cockpit only receives what the chosen module needs to populate its tiles, graphs and AI-assistant answers.
  • You retain the right to revoke the connection at any time — fetching new data stops immediately.

OAuth scopes for the social module

The social module is universally available and has pre-approved OAuth integrations with YouTube (Google), Instagram (Meta) and TikTok. Per platform we request the following permissions, and only these.

  • YouTube via Google OAuth — youtube.readonly. We receive: channel name, channel ID, subscribers, total views, video count, list of public videos with title, thumbnail and publish date. Used for KPI tiles and the top-video list.
  • YouTube via Google OAuth — yt-analytics.readonly. We receive: views per day, watch time per day, watch time per video, high-level demographics. Used for trend graphs and period comparisons.
  • Instagram via Meta OAuth — instagram_business_basic. We receive: account ID, username, profile picture, follower count, total media count. Used for account identification and KPI tiles.
  • Instagram via Meta OAuth — instagram_business_manage_insights. We receive: reach, impressions and profile visits at account level; views, likes, comments, saves and shares per post or reel. Used for trend graphs and the top-content list.
  • TikTok via TikTok Display API — user.info.basic. We receive: open ID, display name, avatar. Used for account identification.
  • TikTok via TikTok Display API — user.info.stats. We receive: follower count, following count, total likes, video count. Used for KPI tiles.
  • TikTok via TikTok Display API — video.list. We receive: user's public videos with title, thumbnail, views, likes, comments and shares. Used for the top-video list.

Other integrations — Gmail, Drive, CRM and more

Avonair Cockpit centralises. One screen for all the tools your business uses. Alongside the social module, integrations can be activated on your request with, for example, Gmail or comparable business email, with storage services like Drive or OneDrive, with calendar tools, with accounting or invoicing software, with CRM systems, and with other business sources you want to see centralised. For each integration we record in your Cooperation Agreement which data is fetched, for what purpose, and which pre-approved scopes at the relevant provider are used. Where an integration requires separate approval or audit by the provider, we explain this in advance.

What we do not do

In general, for your Cockpit:

  • We never receive your passwords. Integrations run via OAuth or a comparable secure method at the provider itself.
  • We do not sell data and we do not use your data for advertising.
  • We do not use your data to train AI models.
  • We do not share your data with third parties beyond the sub-processors needed to run the Cockpit.

Specifically for the social module:

  • We do not read private messages (DMs). DM functionality is not part of the social-module scopes.
  • We do not fetch contact lists, friend lists or personal data of your followers beyond what the platform returns at aggregate level (such as general demographics).

Security of your Cockpit

  • Data in the EU. All data within your Cockpit is stored in a data centre within the European Union. Nothing sits in the United States or any other non-EU country.
  • Encrypted at rest. Database rows are encrypted at disk level. OAuth tokens are additionally encrypted at application level, so even with a database-level leak they cannot be used.
  • Encrypted in transit. All connections run over HTTPS with modern TLS.
  • Row-level security. Database policies enforce that a user can only read rows belonging to their own Cockpit environment. A bug in the UI code cannot technically show someone else's data.
  • Access limited to what is needed. Avonair employees only have access to the system when operationally required, with audit logging.
  • No data export outside the EU. We do not transfer your data to countries outside the European Economic Area, except with appropriate safeguards and only after your explicit consent.

Retention for your Cockpit data

  • Account data (email, role): while the account is active, plus 30 days after a deletion request or termination.
  • Connection tokens (OAuth tokens): until you revoke the connection, then deleted immediately.
  • Module data (daily social metrics and other source data): until you revoke the connection or the account, then deleted or anonymised within 30 days.
  • Audit logs (login timestamps and activity logs): 12 months, then deleted.

You can revoke an integration at any time via the settings in your Cockpit or at the connected provider itself. Fetching new data stops immediately.

Sub-processors for Avonair Cockpit

To run a Cockpit environment we work with the following sub-processors. Additional sub-processors can be activated per client on request for specific modules — these are recorded in your own Cooperation Agreement.

  • Vercel Inc. — hosting of the application and serverless functions, EU region.
  • Supabase Inc. — database, authentication and token storage, EU region (Frankfurt).
  • Google LLC — provides YouTube data via OAuth, only when you explicitly connect your channel.
  • Meta Platforms Inc. — provides Instagram data via OAuth, only when you explicitly connect your account.
  • TikTok Pte. Ltd. (Europe) — provides TikTok data via OAuth, only when you explicitly connect your account, processing in the EU.

Avonair has a data processing agreement (DPA) with Vercel and Supabase ensuring EU processing and no training on your data. The social platforms are themselves data controllers for their own platform; Avonair Cockpit is only a client application that receives data via OAuth.

How long we keep data (general)

We do not keep personal data longer than needed for the purpose for which we collected it, or for as long as the law requires. At a high level:

  • We keep contact and request data for as long as needed for follow-up and, if a project follows, for the duration of the collaboration and a reasonable period thereafter.
  • Data we must keep under a statutory retention obligation is kept for the statutory period.
  • After that we delete or anonymise the data.

Specific retention periods for Cockpit data are listed above. Retention for other services is set out in the Avonair Cooperation Agreement and the quote per client.

Processing within the EU

Personal data we process for clients within our services is processed in a data centre within the European Union. Where, in a specific situation, a transfer outside the EU would nevertheless arise, this only happens with appropriate safeguards, set out in the Avonair Cooperation Agreement and the quote per client.

Your rights

Under the GDPR you have the following rights regarding the personal data we process about you:

  • Access: you can request which personal data we process about you.
  • Rectification: you can have inaccurate data corrected.
  • Erasure: you can ask to have your data deleted, insofar as we are not legally required to keep it.
  • Restriction: you can ask us to temporarily restrict processing.
  • Data portability: you can ask to receive your data in a common format.
  • Objection: you can object to processing based on legitimate interest.
  • Withdraw consent: where we process based on consent, you can withdraw it without affecting the validity of earlier processing.

To exercise a right, contact us via info@avonair.ai. We respond within the statutory period. We may ask you for additional information to verify your identity. If it concerns personal data we process within a service on behalf of a client, you exercise your rights in principle with that client as the data controller. Avonair supports the client with this in line with the Avonair Cooperation Agreement.

Complaint to the Dutch Data Protection Authority

If you disagree with how we handle your personal data, we appreciate it if you contact us first so we can look into it. You also always have the right to lodge a complaint with the Autoriteit Persoonsgegevens, the Dutch supervisory authority.

Data security at a high level

Your business data is at the heart of what we set up for you. That is why we explain, in plain language, how we handle it. No jargon, just a clear picture.

  • Your data stays in the EU. We process your data in a data centre within the European Union.
  • A separate environment per client. Every client gets its own separate environment. Your data is not pooled together with that of other clients.
  • AI providers do not train on your data. An AI assistant helps you read and query your own business data. The AI providers in our chain do not use your data to train their models. We secure this contractually via the chosen EU route.
  • The AI reads, the team decides. The AI assistant gives readable answers to questions about your data. It does not make decisions for you and does not take actions without your team keeping control. The assistant accesses your connected systems through controlled steps and never gets hold of raw login credentials for those systems.
  • Access is limited. Access to your environment is limited to those who genuinely need it to deliver and maintain the service. Your data is stored encrypted. We do not share your data with third parties for other purposes and we do not sell data.
  • Clear arrangements on paper. Every client gets one Avonair Cooperation Agreement, plus the quote with the safeguards that apply specifically to your situation. You remain the owner of your own business data. The system prompts and configuration built for you are part of the service and transfer to you on termination. That is set out in writing, before you sign.
  • If something does go wrong. If, despite all measures, there is an incident, we have a fixed procedure for it. We assess what happened, limit the impact and inform you in good time so you can meet your own obligations. The exact steps and timelines are set out in the Avonair Cooperation Agreement.

Cookies

On our website and in Avonair Cockpit we use functional cookies only — needed to run the site and remember your session. We do not place advertising or tracking cookies. For cookies that are not strictly necessary, we ask for your consent in advance. See our cookie policy for more.

Changes

We may adjust this privacy policy from time to time, for example when legislation changes or our services change. The current version is always available on our website, and that online version is the governing version. We explain changes with material consequences for an ongoing collaboration by email.

Contact

For questions about this privacy policy or about your personal data, you can contact us via:

  • Email: info@avonair.ai
  • Phone: +31 6 15562782